Update rings applied, but clients not updating from Intinue /Windows update for business

%3CLINGO-SUB%20id%3D%22lingo-sub-1124810%22%20slang%3D%22en-US%22%3EUpdate%20rings%20applied%2C%20but%20clients%20not%20updating%20from%20Intinue%20%2FWindows%20update%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1124810%22%20slang%3D%22en-US%22%3E%3CP%3ERecently%20I%20switched%20the%20Windows%20Update%20Policies%20co-management%20workload%20from%20Configmgr%20to%20Pilot%20Intune%20and%20created%20update%20rings%20in%20Intune%20assigned%20to%20my%20pilot%20group.%26nbsp%3B%20The%20update%20ring%20is%20set%20to%20defer%20both%20quality%20and%20feature%20updates%20for%200%20days%2C%20with%20deadlines%20of%202%20and%2028%20days.%26nbsp%3B%20The%20clients%20don't%20seem%20to%20be%20updating%20based%20on%20that%20schedule%20though.%26nbsp%3B%20It's%20been%20more%20than%20the%2028%20days%20since%20I%20set%20this%20up%2C%20and%20none%20of%20the%20computers%20in%20the%20pilot%20ring%20have%20installed%20a%20feature%20update%20since%20the%20change%20was%20made.%26nbsp%3B%20The%20computers%20in%20the%20pilot%20group%20are%20running%20a%20mix%20of%20Win10%201903%2C%201809%2C%20and%201803.%26nbsp%3B%20They%20have%20received%20the%20January%202020%20updates%2C%20but%20I%20think%20those%20still%20came%20from%20configmgr%2C%20not%20Intune%20%2F%20Windows%20Update%20for%20Business.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20am%20I%20missing%20that%20would%20cause%20the%20clients%20to%20still%20get%20windows%20updates%20from%20Configmgr%20and%20not%20intune%2FWUfB%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1124810%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Econfigmgr%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Update%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1134932%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20rings%20applied%2C%20but%20clients%20not%20updating%20from%20Intinue%20%2FWindows%20update%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1134932%22%20slang%3D%22en-US%22%3EAre%20the%20clients%20showing%20Compliant%20in%20Intune%3F%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1133594%22%20slang%3D%22en-US%22%3ERe%3A%20Update%20rings%20applied%2C%20but%20clients%20not%20updating%20from%20Intinue%20%2FWindows%20update%20for%20business%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1133594%22%20slang%3D%22en-US%22%3E%3CP%3Ebump...%3C%2FP%3E%3C%2FLINGO-BODY%3E
Regular Contributor

Recently I switched the Windows Update Policies co-management workload from Configmgr to Pilot Intune and created update rings in Intune assigned to my pilot group.  The update ring is set to defer both quality and feature updates for 0 days, with deadlines of 2 and 28 days.  The clients don't seem to be updating based on that schedule though.  It's been more than the 28 days since I set this up, and none of the computers in the pilot ring have installed a feature update since the change was made.  The computers in the pilot group are running a mix of Win10 1903, 1809, and 1803.  They have received the January 2020 updates, but I think those still came from configmgr, not Intune / Windows Update for Business.  

 

What am I missing that would cause the clients to still get windows updates from Configmgr and not intune/WUfB? 

6 Replies
Are the clients showing Compliant in Intune?

@Moe_Kinani  Yes, most of them do show compliant overall.  A few are non-compliant, but that's clearly attributable to a specific policy setting, in each case either secure boot or bitlocker related.  Those are known issues. 

 

Looking down the list under End User Update status though, most of these computers show update status as up to date, but feature update version as v1903.  The update ring is set to defer feature updates for 45 days, and with a 7 day deadline for feature updates and 2 day grace period.  Shouldn't these all have updated to v1909 by now? 

 

I guess the Feature update setting is still in preview, right? so it could be the reason.


@Moe_Kinani 

Defer Feature Update is a setting from Windows Update for Business, whereas you refer to the new function to specify a certain Windows build (Feature update (preview)). 

 

@Steve Whitcher Just some brainstorming points that came in my mind:

- Is this happening to all devices or just to some?

- Are the devices in a free internet environment or is there a proxy in between?

- Is there a GPO setting conflicting with the Intune MDM Policy? Check the registry, WUfB is definied here: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

- Is the device connecting to Windows for updates? You can look up the connections with wireshark. Is there maybe some WSUS setting left on the devices?

 

If nothing works, did you contact Microsoft?

 

Kind Regards,

Christian

 

 

Hi Steve

I have a similar issue to yours - have you ever found the solution to this 

then also I see a lot of Windows 10 systems show as "Not applicable" when reporting on the update ring 

does this mean that the system is actually up to date - I have to knw this for SLA reporting currently I sit with about 25% of the Windows 10 devices showing as "not applicable" in the reports

thank you